[Bug 24061] Re: GPG error with apt-get/aptitude/update-manager behind proxy (BADSIG 40976EAF437D05B5)

Wed Aug 29 09:34:42 UTC 2012

The specific bug I am interested in is case 2 from comment 70: 2. Some
people had bad files on the local box (through proxy or direct download)
and for them the fix was "sudo mv /var/lib/apt/lists
/var/lib/apt/lists.old ; sudo mkdir -p /var/lib/apt/lists/partial".

This can happen because of common, transient network errors and I'm sure
the black hats have ways of inducing or simulating such errors as well.
The bug is NOT that Ubuntu doesn't notice that the files are bad. The
bug is that when it notices that the files are bad, it responds only by
rather quietly suspending updates from the repositories corresponding to
the bad files. The BAD SIG error message does not even go anywhere that
the user is going to see until they start investigating and try running
command line tools instead of the GUI stuff. To me the obvious first
step in fixing this is for the update manager to automatically apply the
manual "fix" of clobbering the bad files in /var/lib/apt/lists, and if
that doesn't work, wave a red flag at the user.

The security implication that I see is that this bug represents a way
for bad guys to block security updates to selected machines, possibly
forever.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/24061

Title:
  GPG error with apt-get/aptitude/update-manager behind proxy (BADSIG
  40976EAF437D05B5)

Status in “apt” package in Ubuntu:
  Triaged
Status in “update-manager” package in Ubuntu:
  Won't Fix
Status in “apt” source package in Precise:
  Triaged
Status in “update-manager” source package in Precise:
  Won't Fix

Bug description:
  I keep getting this when i launch the update manager.

  W: GPG error: http://archive.ubuntu.com breezy-updates Release: The following
  signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic
  Signing Key <ftpmaster at ubuntu.com>

  How can I fix it?

  ***********
  WORKAROUND:
  ----------
  Run the following commands(saves a backup of the old lists and creates a new lists folder) and the BADSIG error does not occur :

  $ cd /var/lib/apt
  $ sudo mv lists lists.old
  $ sudo mkdir -p lists/partial
  $ sudo apt-get update

  ***********

  comment from Rolf Leggewie: This is due to cache inconsistencies and
  thus is not necessarily a bug in Ubuntu at all.  But I hope the fine
  devs can find a way to better deal with broken proxies.  This is a
  very visible issue, a large number of internet connections are behind
  proxies and the users cannot do anything about it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/24061/+subscriptions